d:\winapps\gu6\Build\DiskAnalysis\Release\DiskAnalysis.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f.exe
Resource
win10v2004-20240802-en
General
-
Target
ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f
-
Size
806KB
-
MD5
721c989714fe4d1604fb294ecd550df7
-
SHA1
06c1f13f0c038a0f2219af3254f08b31c17ec7d4
-
SHA256
ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f
-
SHA512
afebe2726a45ac47ba1bc7688bfb42f8c0dda346067e12d42a1973d70d8192b4cdd5880bdabbfd002bf64ebe846901bb7966b68be0c85bfbfc2214bc3d11091b
-
SSDEEP
24576:tUcGEL1UMrAJw4HwOx/3sgjKT0TKal9z2Nds:tUcvU4YHwOx/lX9z2Nds
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f
Files
-
ebc78b57b3293c5b46c3bf8e45f2daf8fd90604788d84cd373127ee637ca5e6f.exe windows:5 windows x86 arch:x86
2e209780b78057e1b1a7148edb854878
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
scanfile
StopScanFile
IsScanFileThreadLived
ScanAll
register
ShowDlgWindow
GoHomePage
GoHelp
OpenURL
languages
ord3
ord5
ord8
ord4
ord6
uxtheme
CloseThemeData
DrawThemeBackground
OpenThemeData
skinsmanager
GetSkinsToInt
GetSkinsFile
GetAllKeyArrBySection
InitializeLibrary
InitializeSkins
UnitializeLibrary
GetSkinsColor
GetSkinsOption
mfc90u
ord3145
ord265
ord290
ord3637
ord6094
ord587
ord792
ord585
ord788
ord1723
ord4451
ord3149
ord6172
ord3231
ord3941
ord4037
ord2144
ord2143
ord2706
ord3157
ord2705
ord2708
ord1585
ord5399
ord1787
ord6197
ord2707
ord2478
ord590
ord795
ord2137
ord5652
ord6794
ord5595
ord2227
ord2265
ord2269
ord2288
ord2297
ord2289
ord2078
ord4396
ord5802
ord4320
ord6524
ord5611
ord5403
ord2627
ord1431
ord1425
ord5429
ord1432
ord4616
ord4405
ord6013
ord5938
ord6204
ord814
ord6493
ord3686
ord2479
ord1313
ord586
ord790
ord2469
ord6527
ord1047
ord4490
ord4518
ord2551
ord1607
ord1599
ord5632
ord5324
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord1492
ord5653
ord4682
ord6063
ord6572
ord6060
ord6566
ord4579
ord6569
ord6101
ord5974
ord6040
ord5863
ord5850
ord6418
ord6174
ord3513
ord4741
ord2904
ord5167
ord4631
ord4774
ord6355
ord6353
ord1503
ord6205
ord2726
ord4266
ord4262
ord1688
ord3061
ord6636
ord5008
ord4000
ord3160
ord750
ord3627
ord1708
ord1779
ord686
ord436
ord639
ord374
ord3794
ord613
ord337
ord2595
ord4656
ord1682
ord1770
ord3768
ord3953
ord2901
ord3654
ord4660
ord1719
ord2283
ord3933
ord744
ord524
ord2069
ord4044
ord2470
ord6574
ord6372
ord6091
ord1353
ord677
ord595
ord797
ord4681
ord4910
ord4348
ord2891
ord4071
ord4081
ord4080
ord3286
ord2764
ord2893
ord2774
ord3140
ord2966
ord4728
ord3112
ord2983
ord2771
ord1727
ord1791
ord1792
ord5625
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord2728
ord6347
ord933
ord654
ord3528
ord3489
ord4652
ord1665
ord611
ord3742
ord4010
ord3842
ord1166
ord5853
ord2326
ord316
ord300
ord310
ord601
ord818
ord5941
ord2480
ord1608
ord305
ord3221
ord3500
ord1552
ord1542
ord1243
ord2523
ord6811
ord608
ord324
ord5535
ord663
ord404
ord3399
ord2209
ord664
ord405
ord6760
ord2057
ord784
ord582
ord6275
ord693
ord3563
ord3252
ord4658
ord2280
ord5979
ord3515
ord2431
ord2267
ord3165
ord3146
ord6666
ord1533
ord4516
ord6807
ord2243
ord339
ord5078
ord4815
ord4270
ord6324
ord6517
ord6196
ord5947
ord5182
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord5664
ord4603
ord6800
ord5512
ord2074
ord5602
ord4664
ord1493
ord4345
ord1751
ord1754
ord6411
ord3355
ord778
ord2139
ord4527
ord5650
ord2758
ord3486
ord636
ord367
ord938
ord1354
ord3537
ord6604
ord1063
ord1088
ord1137
ord4410
ord4541
ord6095
ord3622
ord6065
ord2596
ord1357
ord1272
ord1108
ord4040
ord525
ord3488
ord3543
ord2106
ord333
ord6547
ord6183
ord6187
ord286
ord2593
ord6096
ord2592
ord1603
ord811
ord2146
ord3577
ord2282
ord4512
ord2130
ord5851
ord6577
ord4131
ord2694
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord3670
ord2447
ord1355
ord1098
ord4211
ord794
ord589
ord4043
ord4967
ord266
ord6164
ord2372
ord1383
ord1064
ord710
ord462
ord2360
ord4543
ord2141
ord4398
ord3685
ord767
ord3642
ord1714
ord2597
ord6349
ord3167
ord3741
ord6579
ord4171
ord1248
ord813
ord4519
ord285
ord3220
ord6659
ord280
ord1183
ord2537
ord600
ord1254
ord296
ord799
ord1250
ord801
ord5497
ord791
ord3944
ord2676
ord1938
ord935
msvcr90
??0exception@std@@QAE@ABV01@@Z
memset
_CxxThrowException
_invalid_parameter_noinfo
_wcsnicmp
memcpy
_CIatan
_CIsin
memmove_s
_recalloc
calloc
_CIcos
free
malloc
wcstol
wcsstr
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcstod
__wargv
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
__argc
wcschr
towupper
_wcsicmp
wcscpy_s
wcsrchr
_wtof
_purecall
_resetstkoflw
??0exception@std@@QAE@XZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
memcpy_s
kernel32
SetLastError
GetLastError
LoadLibraryW
GetModuleHandleW
GetProcAddress
MulDiv
Sleep
InterlockedDecrement
ExpandEnvironmentStringsW
GetLogicalDrives
GetDriveTypeW
GetDiskFreeSpaceW
GetDiskFreeSpaceExW
FindFirstFileW
InterlockedExchange
GetExitCodeThread
CloseHandle
TerminateThread
DuplicateHandle
GetCurrentProcess
ResumeThread
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
WideCharToMultiByte
FindNextFileW
GetVolumeInformationW
GlobalAlloc
GlobalLock
lstrlenW
FindClose
EnterCriticalSection
GlobalUnlock
FileTimeToLocalFileTime
MultiByteToWideChar
lstrlenA
HeapFree
GetProcessHeap
FileTimeToSystemTime
GetModuleFileNameW
GetCommandLineW
LocalFree
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
user32
DrawTextW
SetRectEmpty
CopyRect
FillRect
FrameRect
SetRect
GetClientRect
EnableWindow
TrackMouseEvent
RedrawWindow
GetCursorPos
ScreenToClient
SetTimer
KillTimer
IsWindow
TabbedTextOutW
DrawTextExW
GrayStringW
InvalidateRect
PtInRect
GetDC
ReleaseDC
GetParent
GetSystemMetrics
GetScrollPos
GetWindowLongW
GetWindowRect
EqualRect
LoadMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
SetCursor
LoadCursorW
SetCapture
ReleaseCapture
PostMessageW
LoadIconW
IsIconic
DrawIcon
IsZoomed
IsWindowVisible
CreatePopupMenu
AppendMenuW
MessageBoxW
GetKeyState
ClientToScreen
TranslateAcceleratorW
GetMessagePos
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowLongW
DestroyIcon
OffsetRect
GetMenuState
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuBarInfo
UnionRect
GetMenuItemInfoW
LoadImageW
DefWindowProcW
CreateMenu
InsertMenuW
ShowScrollBar
SetScrollPos
SendMessageW
gdi32
BitBlt
RectVisible
CreateSolidBrush
PtVisible
ExtTextOutW
Escape
GetBkColor
GetTextColor
CreateFontIndirectW
GetBkMode
TextOutW
GetTextExtentPoint32W
DPtoLP
GetTextMetricsW
GetMapMode
CreateCompatibleBitmap
LPtoDP
CreateFontW
DeleteObject
CreateDIBSection
SetDIBColorTable
CreateCompatibleDC
GetDIBColorTable
StretchBlt
DeleteDC
CreatePen
CreateRoundRectRgn
CreatePatternBrush
SetBrushOrgEx
FillRgn
FrameRgn
BeginPath
EndPath
FillPath
GetObjectW
GetCurrentObject
SelectObject
msimg32
GradientFill
AlphaBlend
TransparentBlt
shell32
ShellExecuteW
CommandLineToArgvW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetDesktopFolder
SHFileOperationW
comctl32
_TrackMouseEvent
InitCommonControlsEx
shlwapi
PathIsRootW
ColorAdjustLuma
PathIsDirectoryW
PathMatchSpecW
StrCmpLogicalW
ole32
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoInitialize
oleaut32
VariantClear
VariantInit
SysFreeString
SysAllocString
msvcp90
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
gdiplus
GdiplusStartup
GdiplusShutdown
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipFree
GdipAlloc
GdipCloneImage
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipCreateBitmapFromFile
GdipCreatePen1
GdipDeletePen
GdipSetSmoothingMode
GdipCreateLineBrush
GdipDeleteBrush
GdipCloneBrush
GdipCreateLineBrushI
GdipCreateSolidFill
GdipSetPenColor
GdipSetLineColors
GdipFillPie
GdipDrawPie
GdipFillEllipse
GdipSetPenBrushFill
GdipDrawEllipse
GdipCreateFromHDC
GdipCreateCachedBitmap
GdipDrawCachedBitmap
GdipDeleteCachedBitmap
GdipCreatePath
GdipDeletePath
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipMeasureString
GdipSetSolidFillColor
GdipFillRectangle
GdipDrawString
GdipCreatePen2
GdipDrawLine
GdipResetPath
GdipDrawRectangle
GdipAddPathLine
GdipAddPathArc
GdipFillPath
GdipDrawPath
GdipAddPathPath
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSaveImageToFile
GdipAddPathPie
GdipIsVisiblePathPoint
guwndmanager
WindowsPosInitialize
WindowsPosHookWnd
crashreport
ord1
config
ord13
ord11
GUCIsSeparate
ord2
ord10
ord1
ord3
ord12
ord9
ord7
ord4
checkupdate
ord6
Sections
.text Size: 314KB - Virtual size: 313KB (note: the flags listed below mark this code section as writable as well as executable, which is unusual for an unmodified compiler build and worth recording when triaging the sample)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 69KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 293KB - Virtual size: 292KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 104KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE